Message-ID: <alpine.DEB.2.00.1205310028420.8864@chino.kir.corp.google.com>
Date:	Thu, 31 May 2012 00:35:49 -0700 (PDT)
From:	David Rientjes <rientjes@...gle.com>
To:	KOSAKI Motohiro <kosaki.motohiro@...il.com>
cc:	Kamezawa Hiroyuki <kamezawa.hiroyu@...fujitsu.com>,
	Gao feng <gaofeng@...fujitsu.com>, hannes@...xchg.org,
	mhocko@...e.cz, bsingharora@...il.com, akpm@...ux-foundation.org,
	linux-kernel@...r.kernel.org, cgroups@...r.kernel.org,
	linux-mm@...ck.org, containers@...ts.linux-foundation.org
Subject: Re: [PATCH] meminfo: show /proc/meminfo base on container's memcg

On Thu, 31 May 2012, KOSAKI Motohiro wrote:

> > As I said, LXC and namespace isolation is a tangent to the discussion of
> > faking the /proc/meminfo for the memcg context of a thread.
> 
> Because /proc/meminfo affects a lot of libraries' behavior. So, it's not only
> an application issue. If you can't rewrite _all_ of the userland assets, fake
> meminfo can't be escaped. Again, see alternative container implementation.
> 

It's a tangent because it isn't a complete pseudo /proc/meminfo for all 
threads attached to a memcg regardless of any namespace isolation; the LXC 
solution has existed for a couple of years by its procfs patchset that 
overlaps procfs with fuse and can suppress or modify any output in the 
context of a memory controller using things like 
memory.{limit,usage}_in_bytes.  I'm sure all other fields could be 
modified if outputted in some structured way via memcg; it looks like 
memory.stat would need to be extended to provide that.  If that's mounted 
prior to executing the application, then your isolation is achieved and 
all libraries should see the new output that you've defined in LXC.

However, this seems like a separate topic from the patch at hand which 
does this directly to /proc/meminfo based on a thread's memcg context, 
that's the part that I'm nacking.  I'd recommend to Gao to expose this 
information via memory.stat and then use fuse and the procfs lxc support 
as your way of contextualizing the resources.
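
The userspace approach described in the message above, as an added example that is not code from this thread, the patch, or LXC: it rewrites a host /proc/meminfo using the values of memory.limit_in_bytes and memory.usage_in_bytes, which is the text a FUSE overlay would serve in place of the real file. The function names, the sample meminfo text and the numbers are constructed for illustration; the `cache` field is assumed to come from a cgroup v1 memory.stat.

```python
# Added illustration: build a memcg-scoped view of /proc/meminfo in userspace.
# HOST_MEMINFO is constructed sample text, not output from a real machine.
HOST_MEMINFO = """\
MemTotal:       16384000 kB
MemFree:         8192000 kB
Buffers:          204800 kB
Cached:          4096000 kB
SwapTotal:       2097152 kB
SwapFree:        2097152 kB
HugePages_Total:       0
"""


def parse_kb(text):
    """Map each 'Key: value [kB]' line to its integer value."""
    fields = {}
    for line in text.splitlines():
        key, sep, rest = line.partition(":")
        if sep and rest.split():
            fields[key] = int(rest.split()[0])
    return fields


def memcg_meminfo(host_meminfo, limit_bytes, usage_bytes, cache_bytes=None):
    """Rewrite MemTotal/MemFree (and optionally Cached) from memcg counters.

    limit_bytes / usage_bytes: contents of memory.limit_in_bytes and
    memory.usage_in_bytes; cache_bytes: the 'cache' line of memory.stat.
    Every other line is passed through unchanged (still host-wide).
    """
    host_total_kb = parse_kb(host_meminfo)["MemTotal"]
    # An unlimited memcg reports a huge limit; never show more than the host.
    total_kb = min(limit_bytes // 1024, host_total_kb)
    used_kb = min(usage_bytes // 1024, total_kb)
    overrides = {"MemTotal": total_kb, "MemFree": total_kb - used_kb}
    if cache_bytes is not None:
        overrides["Cached"] = min(cache_bytes // 1024, used_kb)
    out = []
    for line in host_meminfo.splitlines():
        key = line.partition(":")[0]
        if key in overrides:
            line = f"{key + ':':<16}{overrides[key]:>8} kB"
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # 512 MiB limit, 128 MiB in use, 64 MiB of it page cache (constructed values)
    print(memcg_meminfo(HOST_MEMINFO, 512 << 20, 128 << 20, 64 << 20), end="")
```

Fields that are passed through (Buffers, swap, huge pages) still show host-wide values, which is the gap the message attributes to memory.stat not yet exporting them.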